When I first read about the changes to the United States Department of Justice’s official guidance on its long-standing “Evaluation of Corporate Compliance Programs,” I immediately set out to identify, digest, and analyze those changes. Through my analysis, I sought to determine how the changes could potentially affect our corporate clients and how we could help them navigate compliance and anti-corruption challenges.
My first thought took me to the relatively recent pronouncement by former Deputy Attorney General Rod Rosenstein of the newly-enshrined “FCPA Corporate Enforcement Policy.” Previously a (successful) pilot program to the U.S. Attorney’s Manual, it provided that “when a company satisfies the standards of voluntary self for disclosure, full cooperation and timely appropriate remediation following an offense – there will be a presumption that the Department will resolve the case through a declination.”
While not a surprise, the implementation of that program and its eventual enshrinement in the U.S. Attorney’s Manual in 2017, was in my opinion, to some extent seismic, and welcome, news to those corporate entities (and their counsel) struggling to comply with anti-corruption laws and policies by building in all available safeguards against renegade corporate individuals.
To my delight and edification, The FCPA Blog’s Richard Cassin published two outstanding articles focusing on precisely how that corporate compliance program evaluation guidance had been amended.
As a former career federal prosecutor, and having spent nearly 12 years as the United States Attorney for the Eastern District of Louisiana, I was relieved to learn that the numerous newly-published changes and additions to the guidance document addressing factors which the DOJ will look to in order to determine compliance program adequacy were, in most cases, more helpful than onerous, and more specific than general. At the end of the day, the revised guidance provides greater utility to both in-house and outside counsel in helping companies avoid corrupt practices altogether. In the event of that dreaded unauthorized transgression, the guidance is critical in at least avoiding debilitating, costly, and destructive investigations and consequences.
While nearly 30 amendments have been identified, they are not, in my opinion, unreasonable (at least in the abstract). To the contrary, they potentially provide counsel with specifics that are very helpful in impressing upon our corporate clients precisely the kinds of safeguards that they will need to implement in order to avoid running afoul of both DOJ and regulatory entities.
For example, in the introduction to the guidance document, the new language makes it plain that because the DOJ Criminal Division does not use any “rigid formula” to assess a corporate compliance program’s effectiveness. Instead, it states: “[w]e make a reasonable, individualized determination in each case that considers various factors including, but not limited to, the company’s size, industry, geographic footprint, regulatory landscape, and other factors, both internal and external to the company’s operations, that might impact its compliance program.”
The revised guidance references the U.S. Attorney’s Manual and specifies certain universal or common questions that the DOJ will ask in making those individualized determinations. One of those questions is simply worded with added precision, thus providing better guidance: “Is the program being applied earnestly and in good faith? In other words, is the program adequately resourced and empowered to function effectively?”
The document goes on to specify that the DOJ, when evaluating the adequacy and legitimacy of such anti-corruption programs in the context of criminal investigations, will consider certain factors. These factors include the circumstances of the company; the company’s compliance program’s evolution over time; the adequacy of the compliance program’s periodic reviews, as well as improvements based upon those reviews; the company’s process for incorporating lessons learned from each company’s experiences; the updating of policies and procedures; the accessibility and efficacy of its policies and procedures; testing of same; ensuring pre-and post-acquisition due diligence involving third-party integration; the availability of data resources and access, or lack thereof; the consistency of investigations and discipline for infractions; and whether the company reviews and adapts its own compliance program based upon lessons learned both internally and from other companies.
Ultimately, the fortunes and sometimes fates of the companies which we represent, and which do business in high-risk/high-reward international business environments, will at some point depend upon how effective we are in guiding and convincing them to build very real, substantive anti-corruption policies, practices, procedures, training, reporting, and response mechanisms. That is because, for those companies which function in such environments, the issue is not if an employee or corporate representative will engage in errant conduct, but when. Whether the transgressions discovered warrant self-reporting or otherwise trigger an investigation will, of course, depend on many factors, but in either case, our corporate clients need to understand that damage control is infinitely riskier than prevention. And even in the absence of any major crises, such prevention (i.e., compliance) mechanisms and practices can determine whether and to what extent that very company is marketable to a buyer seeking to acquire a business demonstrably free from the specter of nasty surprises.
The more detailed, specific guidance we can provide to our corporate executives and policymakers, especially guidance that is predicated upon the DOJ’s own protocols, with the tremendous benefit of knowing in advance precisely what investigators will be looking for in the event of any investigation—the better armed we and our clients are to survive any uncovered violations of law. The more detailed the available guidance becomes, the better equipped we are to avoid altogether damaging conduct and investigations which could otherwise result in extraordinarily costly and debilitating DPS, NPAs, or even adjudications.
Because the newly-published guidance requires — or at least strongly encourages — a consistent pattern of scrupulous compliance (indeed, the guidance provides the benefit of spelling out exactly what the government is looking for if it is to be convinced of the subject company’s virtue), the obvious and compelling message to the corporate client is to build and maintain a history of scrupulous compliance—a reservoir of credibility, if you will—for that rainy day when the company will need to demonstrate literally years of compliant practices in order to avoid the worst.
 United States Department of Justice, Criminal Division, “Evaluation of Corporate Compliance Programs,” June 2020, https://fcpablog.com/wp-content/uploads/2020/06/evaluation-of-corporate-compliance-programs-june-2020-revision.pdf
 “Deputy Attorney General Rosenstein Delivers Remarks at the 34th International Conference on the Foreign Corrupt Practice Act,” Nov. 29, 2017, https://www.justice.gov/opa/speech/deputy-attorney-general-rosenstein-delivers-remarks-34th-international-conference-foreign
 Justice Manual, Department of Justice, available at https://www.justice.gov/jm/jm-9-47000-foreign-corrupt-practices-act-1977.
 Richard L. Cassin, “Here’s every change the DOJ made Monday to its corporate compliance program evaluation guidance,” The FCPA Blog, June 2, 2020, https://fcpablog.com/2020/06/02/heres-every-change-the-doj-made-monday-to-its-corporate-compliance-program-evaluation-guidance/; Richard L. Cassin, “At Large: Is this the most important change in the DOJ’s new guidance?,” The FCPA Blog, June 4, 2020, https://fcpablog.com/2020/06/04/at-large-is-this-the-most-important-change-in-the-dojs-new-guidance/
 United States Department of Justice, Criminal Division, “Evaluation of Corporate Compliance Programs,” June 2020, p.1 https://fcpablog.com/wp-content/uploads/2020/06/evaluation-of-corporate-compliance-programs-june-2020-revision.pdf
 Id. at p. 2.